Locky ransonware, strikes again with new email distribution campaign
04 Sep 2017
The re-emergence of Locky ransomware with new email distribution campaign has been billed as one of the largest malware campaigns in the latter half of 2017, according to media reports.
The ransomware, once considered almost defunct, sent over 23 million emails with the malware to the US workforce in just 24 hours on 28 August, zdnet.com reported.
The subject line in the emails included "please print", "documents" and "scans".
According to researchers at US-based cybersecurity firm AppRiver, who discovered the new campaign it represented "one of the largest malware campaigns seen in the latter half of 2017".
The report said, the malware payload was hidden in a zip file containing a Visual Basic Script (VBS) file, which once clicked, downloads the latest version of Locky ransomware -- the recently spotted Lukitus variant -- and encrypts all the files on the infected computer.
Victims are demanded a ransom of 0.5 bitcoin ($2,300) to pay for "special software" in the form of a "Locky decryptor" for getting their files back.
Instructions on downloading and installing the Tor browser as also on how to buy Bitcoin are provided by the attackers in order to ensure victims can make the payment.
